What Bradenton business owners should know about legal obligations to protect personally identifiable information (PII)
Bradenton businesses manage substantial amounts of confidential data on their employees, customers, and clients. Much of this information is extremely sensitive, containing details that identity thieves employ to create fraudulent, criminal enterprises.
Legal authorities call this data personally identifiable information, or PII for short. Every business owes it to employees and customers to know the full extent of its obligations when it comes to protecting PII.
PII simply refers to any data relating to a certain individual that can be used to determine his or her identity. This can include paperwork that displays customers’ names, addresses, phone numbers, Social Security numbers, and bank account numbers. It also includes digital identifiers like IP addresses, device IDs, GPS information, and cookies. PII does not include information that’s publicly available on federal, state, or local government records.
How does PII reveal identifying factors?
PII is classified according to whether it reveals a person’s identity directly or indirectly.
Direct identifiers completely reveal a person’s identity without the need for any supplemental information. Bank account statements, Social Security cards, passports, and driver’s licenses are examples of direct identifiers — they contain all the facts a data thief needs to assume another identity.
Indirect identifiers only disclose a portion of information, but when combined with other pieces of data they can provide enough detail to allow an identity thief to find out what they need to know. Indirect identifiers include items that show only the last four digits of a Social Security number, a birth date, or a street address that omits the city and state.
How companies are responsible for protecting PII
When a business begins collecting data on its employees, finances, and customers, it takes on the responsibility for keeping the data safe. This has become trickier in the days of advanced technology, and no corporation is ever truly safe from the fallout of a data breach. As we’ve seen with the effects of data breaches at companies like Target and Yahoo!, not guarding against identity theft can severely hamper a company’s reputation and finances.
That’s why Congress has enacted several pieces of legislation to protect private citizens against corporate or business identity theft. These include the Health Insurance Portability & Accountability Act for health insurance customers, the Fair Credit Reporting Act for private credit info and the Fair & Accurate Transaction Act for a broad range of identity theft scenarios. Many other pieces of legislation cover privacy regulations for specific industries.
How do companies lower their legal risks of exposing PII?
The most prudent, economical way for a company to protect itself from identity-related legal problems is to devise and stick to an acceptable use policy that governs PII. A solid policy should include:
- A list of employees allowed to access PII
- Complete details on where and how PII is stored
- Rules and permissions for accessing PII
- Transparency on legal requirements involving PII
- Clear directives on how long PII can be kept active, and
- Closely followed schedules and processes for data destruction, including issuing certificates that verify data has been destroyed
ShredQuick helps Bradenton businesses manage and control their risks of PII exposure with a full slate of complete data destruction that will ensure your company’s legal compliance. Contact us to find out more.